<?php
error_reporting(E_ALL ^ E_NOTICE);
include_once "class.mysql.php";

$db = new DB_Sql;						//初始化数据库
$db->connect($DB_Database, $DB_Host, $DB_User, $DB_Password); //数据库连接
mysql_query("set names utf8");

$db1 = new DB_Sql();						//初始化数据库
$db1->connect($DB_Database, $DB_Host, $DB_User, $DB_Password); //数据库连接
mysql_query("set names utf8");

$Conn=mysql_connect("".$DB_Host."","".$DB_User."","".$DB_Password."");
mysql_select_db("".$DB_Database."");  //数据库连接
mysql_query("SET names 'utf8'");

$strSql="SELECT * FROM tun2_config Order by id desc";
$db->query($strSql);
if($db->next_record())
{
	$web_url 		= $db->Record["weburl"];
	$web_name		= $db->Record["webname"];
	$web_logo 		= $db->Record["webdir"].$db->Record["weblogo"];
	$web_keywords 	= $db->Record["webmeta"];
	$web_description= $db->Record["webintroduced"];
	$web_key		= $db->Record["tun2key"];
	$web_tel 		= $db->Record["tel"];
	$web_icp 		= $db->Record["icp"];
	$skindir 		= $db->Record["skindir"];
	$skincache  	= $db->Record["skincache"];
	$webmode 		= $db->Record["webhtmlmode"];
	$webhtmldir		= $db->Record["webhtmldir"];
	$webhtmlname	= $db->Record["webhtmlname"];
	$webdir			= $db->Record["webdir"];
	$upfile			= $db->Record["upfile"];
	$Version		= $db->Record["Version"];
}
$strSql="SELECT * FROM tun2_email_set Order by id desc";
$db->query($strSql);
if($db->next_record())
{
	$email_url 		= $db->Record["host"];
	$email_port		= $db->Record["port"];
	$email_trueemail= $db->Record["trueemail"];
	$email_username = $db->Record["username"];
	$email_password = $db->Record["password"];
	$email_debug    = $db->Record["debug"];
	$email_addresser= $db->Record["addresser"];
}
function inject_check($sql_str) {
	return eregi('select|insert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile', $sql_str);    // 进行过滤
}

function verify_id($id=null) {
	if($id){
		if (inject_check($id)) { exit('提交的参数非法！'); }    // 注射判断
		elseif (!is_numeric($id)) { exit('提交的参数非法！'); }    // 数字判断
		$id = intval($id);    // 整型化
	}
	return $id;
}

function str_check( $str ) {
	if (!get_magic_quotes_gpc()) {    // 判断magic_quotes_gpc是否打开
		$str = addslashes($str);    // 进行过滤
	}
	$str = str_replace("_", "\_", $str);    // 把 '_'过滤掉
	$str = str_replace("%", "\%", $str);    // 把 '%'过滤掉

	return $str;
}

function post_check($post) {
	if (!get_magic_quotes_gpc()) {    // 判断magic_quotes_gpc是否为打开
		$post = addslashes($post);    // 进行magic_quotes_gpc没有打开的情况对提交数据的过滤
	}
	$post = str_replace("_", "\_", $post);    // 把 '_'过滤掉
	$post = str_replace("%", "\%", $post);    // 把 '%'过滤掉
	$post = nl2br($post);    // 回车转换
	$post = htmlspecialchars($post);    // html标记转换   //stripcslashes

	return $post;
}

function uh ( $str )
{
	$farr = array(
	"/\s+/" , //过滤多余的空白
	"/<(\/?)(script|META|STYLE|HTML|HEAD|BODY|STYLE |i?frame|strong|style|html|img|P|o:p|iframe|BR|div|TABLE|TBODY|object|tr|td|st1:chsdate|FONT|span|MARQUEE|body|title|\r\n|link|meta|\?|\%)([^>]*?)>/isU" , //过滤 <script 防止引入恶意内容或恶意代码,如果不需要插入flash等,还可以加入<object的过滤
	"/(<[^>]*)on[a-zA-Z]+\s*=([^>]*>)/isU" , //过滤javascript的on事件
	);
	$tarr = array(
	" " ,
	"" , //如果要直接清除不安全的标签，这里可以留空
	"\\1\\2" ,
	);
	$str = preg_replace ( $farr , $tarr , $str );
	$str2 = str_replace ('<','&lt;' , $str );
	$str3 = str_replace ('>','&gt;' , $str2 );
	return $str3 ;
}

?>